CVE & CISA-KEV Catalog

CVE-2024-0161

HIGH
7.2
CVSS v3
NVD

Description

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.

How to fix

Remediation Available
dss 8440 firmwareNVD
Affected:< 2.21.0Fixed in:2.21.0CVE-2024-0161derived from NVD
emc storage nx3240 firmwareNVD
Affected:< 2.21.2Fixed in:2.21.2CVE-2024-0161derived from NVD
emc storage nx3340 firmwareNVD
Affected:< 2.21.2Fixed in:2.21.2CVE-2024-0161derived from NVD
emc xc core 6420 firmwareNVD
Affected:< 2.21.0Fixed in:2.21.0CVE-2024-0161derived from NVD
emc xc core xc450 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
emc xc core xc640 firmwareNVD
Affected:< 2.21.2Fixed in:2.21.2CVE-2024-0161derived from NVD
emc xc core xc650 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
emc xc core xc6520 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
emc xc core xc740xd2 firmwareNVD
Affected:< 2.21.1Fixed in:2.21.1CVE-2024-0161derived from NVD
emc xc core xc740xd firmwareNVD
Affected:< 2.21.2Fixed in:2.21.2CVE-2024-0161derived from NVD
emc xc core xc750 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
emc xc core xc750xa firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
emc xc core xc940 firmwareNVD
Affected:< 2.21.2Fixed in:2.21.2CVE-2024-0161derived from NVD
emc xc core xcxr2 firmwareNVD
Affected:< 2.21.1Fixed in:2.21.1CVE-2024-0161derived from NVD
poweredge c4130 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge c4140 firmwareNVD
Affected:< 2.21.1Fixed in:2.21.1CVE-2024-0161derived from NVD
poweredge c6320 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge c6420 firmwareNVD
Affected:< 2.21.0Fixed in:2.21.0CVE-2024-0161derived from NVD
poweredge c6520 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
poweredge fc430 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge fc630 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge fc640 firmwareNVD
Affected:< 2.21.0Fixed in:2.21.0CVE-2024-0161derived from NVD
poweredge fc830 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge m630 \(pe vrtx\) firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge m630 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge m640 \(pe vrtx\) firmwareNVD
Affected:< 2.21.0Fixed in:2.21.0CVE-2024-0161derived from NVD
poweredge m640 firmwareNVD
Affected:< 2.21.0Fixed in:2.21.0CVE-2024-0161derived from NVD
poweredge m830 \(pe vrtx\) firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge m830 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge mx740c firmwareNVD
Affected:< 2.21.0Fixed in:2.21.0CVE-2024-0161derived from NVD
poweredge mx750c firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
poweredge mx840c firmwareNVD
Affected:< 2.21.0Fixed in:2.21.0CVE-2024-0161derived from NVD
poweredge r230 firmwareNVD
Affected:< 2.20.0Fixed in:2.20.0CVE-2024-0161derived from NVD
poweredge r250 firmwareNVD
Affected:< 1.9.1Fixed in:1.9.1CVE-2024-0161derived from NVD
poweredge r330 firmwareNVD
Affected:< 2.20.0Fixed in:2.20.0CVE-2024-0161derived from NVD
poweredge r350 firmwareNVD
Affected:< 1.9.1Fixed in:1.9.1CVE-2024-0161derived from NVD
poweredge r360 firmwareNVD
Affected:< 1.1.1Fixed in:1.1.1CVE-2024-0161derived from NVD
poweredge r430 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge r440 firmwareNVD
Affected:< 2.21.1Fixed in:2.21.1CVE-2024-0161derived from NVD
poweredge r450 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
poweredge r530 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge r540 firmwareNVD
Affected:< 2.21.1Fixed in:2.21.1CVE-2024-0161derived from NVD
poweredge r550 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
poweredge r630 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge r640 firmwareNVD
Affected:< 2.21.2Fixed in:2.21.2CVE-2024-0161derived from NVD
poweredge r650 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
poweredge r650xs firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
poweredge r730 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge r730xd firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge r740 firmwareNVD
Affected:< 2.21.2Fixed in:2.21.2CVE-2024-0161derived from NVD
poweredge r740xd2 firmwareNVD
Affected:< 2.21.1Fixed in:2.21.1CVE-2024-0161derived from NVD
poweredge r740xd firmwareNVD
Affected:< 2.21.2Fixed in:2.21.2CVE-2024-0161derived from NVD
poweredge r750 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
poweredge r750xa firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
poweredge r750xs firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
poweredge r830 firmwareNVD
Affected:< 1.19.0Fixed in:1.19.0CVE-2024-0161derived from NVD
poweredge r840 firmwareNVD
Affected:< 2.21.0Fixed in:2.21.0CVE-2024-0161derived from NVD
poweredge r930 firmwareNVD
Affected:< 2.14.0Fixed in:2.14.0CVE-2024-0161derived from NVD
poweredge r940 firmwareNVD
Affected:< 2.21.2Fixed in:2.21.2CVE-2024-0161derived from NVD
poweredge r940xa firmwareNVD
Affected:< 2.21.0Fixed in:2.21.0CVE-2024-0161derived from NVD
poweredge t130 firmwareNVD
Affected:< 2.20.0Fixed in:2.20.0CVE-2024-0161derived from NVD
poweredge t150 firmwareNVD
Affected:< 1.9.1Fixed in:1.9.1CVE-2024-0161derived from NVD
poweredge t330 firmwareNVD
Affected:< 2.20.0Fixed in:2.20.0CVE-2024-0161derived from NVD
poweredge t350 firmwareNVD
Affected:< 1.9.1Fixed in:1.9.1CVE-2024-0161derived from NVD
poweredge t360 firmwareNVD
Affected:< 1.1.1Fixed in:1.1.1CVE-2024-0161derived from NVD
poweredge t430 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge t440 firmwareNVD
Affected:< 2.21.1Fixed in:2.21.1CVE-2024-0161derived from NVD
poweredge t550 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
poweredge t630 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
poweredge t640 firmwareNVD
Affected:< 2.21.0Fixed in:2.21.0CVE-2024-0161derived from NVD
poweredge xe2420 firmwareNVD
Affected:< 2.21.1Fixed in:2.21.1CVE-2024-0161derived from NVD
poweredge xe7420 firmwareNVD
Affected:< 2.21.0Fixed in:2.21.0CVE-2024-0161derived from NVD
poweredge xe7440 firmwareNVD
Affected:< 2.21.0Fixed in:2.21.0CVE-2024-0161derived from NVD
poweredge xr11 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
poweredge xr12 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0161derived from NVD
poweredge xr2 firmwareNVD
Affected:< 2.21.1Fixed in:2.21.1CVE-2024-0161derived from NVD
poweredge xr4510c firmwareNVD
Affected:< 1.14.1Fixed in:1.14.1CVE-2024-0161derived from NVD
poweredge xr4520c firmwareNVD
Affected:< 1.14.1Fixed in:1.14.1CVE-2024-0161derived from NVD
storage nx3230 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
storage nx3330 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
storage nx430 firmwareNVD
Affected:< 2.20.0Fixed in:2.20.0CVE-2024-0161derived from NVD
xc430 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
xc630 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
xc6320 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
xc730 firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD
xc730xd firmwareNVD
Affected:< 2.19.0Fixed in:2.19.0CVE-2024-0161derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredHigh
User InteractionNone
ScopeChanged

Impact

ConfidentialityNone
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H

Exploit Intelligence

0.20%probability of exploitation in 30 days
10thpercentile

Low risk: more likely to be exploited than 10% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-20 (Improper Input Validation) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-3400Critical10.0100%KEV + Ransom-
CVE-2021-45105Medium5.9100%-Fix
CVE-2021-44228Critical10.0100%KEV + RansomFix
CVE-2021-21985Critical9.8100%KEV + RansomFix
CVE-2018-7600Critical9.8100%KEV + RansomFix
CVE-2020-3452High7.5100%KEVFix
Embed a live status badge for CVE-2024-0161
CVE-2024-0161 severity badge

Markdown

[![CVE-2024-0161](https://tridentstack.com/cve/badge/CVE-2024-0161.svg)](https://tridentstack.com/cve/CVE-2024-0161)

HTML

<a href="https://tridentstack.com/cve/CVE-2024-0161"><img src="https://tridentstack.com/cve/badge/CVE-2024-0161.svg" alt="CVE-2024-0161"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-02-04.